important

This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.

Optional session verification should re-throw TRY_REFRESH_TOKEN errors

Status

This is just a proposal so far, it hasn't been accepted and needs further discussion.

Status: proposed
Deciders: rishabhpoddar, porcellus
Proposed by: porcellus
Created: 2022-11-24

Context and Problem Statement

We want devs to be able to specifically allow or disallow a token transfer method in verifySession and refreshSession. E.g., a web-only application wants to only ever use cookie-based sessions (and httpOnly cookies), so it wants to disable header-based sessions.

Considered Options

  • Re-use getTokenTransferMethod
  • Add a new allowTokenTransferMethod

Decision Outcome

Re-use getTokenTransferMethod. Reasons:

  • Single function override if someone wants to only allow/use a single token transfer method
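
The sketch below is an added example, not SuperTokens SDK code: a simplified model of how one getTokenTransferMethod override can both choose the method for new sessions and restrict which incoming tokens verification will read. The return values ("cookie", "header", "any"), the forCreateNewSession flag, the cookie name, the sample requests and the *Model functions are assumptions made for illustration.

```javascript
// Simplified model, not SuperTokens SDK code. Everything except the name
// getTokenTransferMethod is an assumption made for illustration.

// Constructed sample requests: one carries the token in a cookie, one in a header.
const cookieReq = { cookies: { sAccessToken: "tok-from-cookie" }, headers: {} };
const headerReq = { cookies: {}, headers: { authorization: "Bearer tok-from-header" } };

// Hypothetical readers, one per transfer method.
const readers = {
  cookie: (req) => req.cookies.sAccessToken,
  header: (req) => {
    const value = req.headers.authorization || "";
    return value.startsWith("Bearer ") ? value.slice("Bearer ".length) : undefined;
  },
};

// Model of verifySession: only transfer methods permitted by the override are
// ever read, so a token sent through a disallowed method is treated as absent.
function verifySessionModel(req, config) {
  const allowed = config.getTokenTransferMethod({ req, forCreateNewSession: false });
  for (const method of ["header", "cookie"]) {
    if (allowed !== "any" && allowed !== method) continue;
    const token = readers[method](req);
    if (token !== undefined) return { method, token };
  }
  return undefined; // no session found via an allowed method
}

// Model of session creation: the same override picks how new tokens are sent.
function createSessionModel(req, config) {
  const chosen = config.getTokenTransferMethod({ req, forCreateNewSession: true });
  return chosen === "any" ? "cookie" : chosen; // assumed default for this model
}

// Web-only application: a single override both selects and restricts to cookies.
const cookieOnly = { getTokenTransferMethod: () => "cookie" };
// Permissive configuration for comparison.
const anyMethod = { getTokenTransferMethod: () => "any" };

console.log(verifySessionModel(headerReq, cookieOnly)); // undefined
console.log(verifySessionModel(cookieReq, cookieOnly));
console.log(verifySessionModel(headerReq, anyMethod));
```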

Pros and Cons of the Options

Re-use getTokenTransferMethod

  • Single configuration if you want to only allow a single token transfer method

Add a new allowTokenTransferMethod

  • Very verbose and specific, making it easy to explain
  • If you only want to allow a single token transfer method you'd have to override `getTokenTransferMethod` anyway